1. Field of the Invention
The present invention is directed to technology for processing POST data submitted in HTTP requests.
2. Description of the Related Art
As the impact of the Internet continues to alter the economic landscape, companies are experiencing a fundamental shift in how they do business. Business processes involve complex interactions between companies and their customers, suppliers, partners and employees. For example, businesses interact constantly with their customers—often other businesses—to provide information on product specification and availability. Businesses also interact with vendors and suppliers in placing orders and obtaining payments. Businesses must also make a wide array of information and services available to their employee populations, generating further interactions.
To meet new challenges and leverage opportunities, while reducing their overall cost-of-interactions, many organizations are migrating to network-based business processes and models. Among the most important of these is Internet-based E-business.
To effectively migrate their complex interactions to an Internet-based E-business environment, organizations must contend with a wide array of challenges and issues. For example, businesses need to securely provide access to business applications and content to users they deem authorized. This implies that businesses need to be confident that unauthorized use is prevented. Often, this involves the nontrivial, ongoing task of attempting to tie together disparate, system-specific authentication and/or authorization schemes.
E-business is also challenged with cohesively managing disparate end user, application, content, policy, and administrative information. Historically, user and authorization information has been stored in application-specific formats and often on a per-application basis. It is labor intensive to maintain consistency across the disparate repositories and, thus, the cost of user and policy administration increases as more applications and content are added. Such an aggregated system is difficult to replicate and scale. This can lead to operational errors, poor user experiences, and loss of confidence in the E-business by all those concerned.
Another challenge facing E-business is how to scale the E-business over time. A successful E-business network, its applications, and content must be able to seamlessly scale from a modest flood of requests to a torrent of requests. At the same time, it must be able to scale administratively. Increases in traffic, users, and content require additional administrative effort. To avoid bottlenecks, scaling must be accomplished in a decentralized, delegated fashion. This includes incorporating associated portals seamlessly into the E-business network. Because E-businesses often accumulate various disparate systems, they need to offer a seamless experience to users and not unduly burden administrators.
To meet these challenges, an E-business host company needs a web access management solution that delivers the ability to effectively secure and manage all the various network-based interactions. A system should accommodate all participants involved with the E-business, whether they are local or remote. It must also be able to distinguish between the E-business' employees and all the users who are affiliated with the E-business host's customers, suppliers and/or partners.
In the past, various entities have offered identity management systems which store and manage identity information for users such as company employees, suppliers, etc. Additionally, access management systems have been available. These access management systems provide means for authenticating users and authorizing users. However, the previous access management systems do not include, or are not capable of communicating with, a robust identity system. Those that could communicate with an identity system did not take full advantage of the information stored and managed by the identity system.
Previous access management systems have not fully provided for efficient ways to map requested resources to particular rules which govern user authentication, user authorization, or access system event auditing. Mapping techniques that look to only the resource URL, port number of a resource request, and/or resource location (i.e., identifying the web server on which a resource resides) provide limited opportunities for employing additional request-specific information in mapping decisions. Thus, there is a need to map resources to rules based on additional user-entered or machine-entered information.
Furthermore, previous access management systems have not fully provided for efficient ways to pass data required to authorize users to access resources. Passing a resource URL with nothing more may only permit authorization based on the URL itself, with no provision for additional concurrent user-entered or machine-entered information. Although additional information may be passed through query data, this technique becomes cumbersome when large amounts of query data are used. Query strings can become undesirably long, making them difficult to manipulate. Long query strings can obscure a user's view of a URL in the user's browser. This can be particularly disconcerting for users having limited or no experience with the particulars of query data. Thus, there is a further need to allow additional data to be provided for authorizing users for resources in an efficient manner without unduly burdening users or systems.